mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.5-20070824

Browse Source
This commit is contained in:
Wietse Venema 2007-08-24 00:00:00 -05:00 committed by Viktor Dukhovni
parent 0463e04580
commit 6ffd52a10d
29 changed files with 459 additions and 357 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
postfix/HISTORY
View File

@ -13674,3 +13674,22 @@ Apologies for any names omitted.
cleanup server would get out of sync with the milter when
a milter replied with ACCEPT at the DATA command. Files:
cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
20070811
Cleanup: unlike smtpd_mumble_restrictions, the Postfix SMTP
server Milter reject logging did not show the (helo argument,
sender address, or recipient address) that was being rejected.
File: smtpd/smtpd.c.
20070824
Bugfix (introduced snapshot 20070429): the pipe(8) delivery
agent 'q' flag (quote address local-part) used the same bit
mask as the 'B' flag (append blank line). Setting one flag
also turned on the other. File: pipe/pipe.c.
Feature: specify the 'X' flag to indicate that the pipe(8)
delivery agent performs final delivery. This changes the
status in DSN "success" messages from "relayed" into
"delivered". File: pipe/pipe.c.

2
postfix/README_FILES/DATABASE_README
View File

@ -246,7 +246,7 @@ To find out what database types your Postfix system supports, use the "ppooss
in tcp_table(5). The lookup table name is "tcp:host:port" where "host"
specifies a symbolic hostname or a numeric IP address, and "port"
specifies a symbolic service name or a numeric port number. This
protocol is not available up to and including Postfix version 2.4.
protocol is not available in the stable Postfix release.
uunniixx (read-only)
A limited way to query the UNIX authentication database. The following
tables are implemented:

2
postfix/README_FILES/TUNING_README
View File

@ -155,7 +155,7 @@ will suffer grotesque delays if you do so. The limits are designed to protect
the smtpd(8) server against abuse by out-of-control clients.
smtpd_client_connection_count_limit (default: 50)
The maximum number of connections than an SMTP client may make
The maximum number of connections that an SMTP client may make
simultaneously.
smtpd_client_connection_rate_limit (default: no limit)
The maximum number of connections that an SMTP client may make in the

3
postfix/WISHLIST
View File

@ -1,5 +1,8 @@
Wish list:
Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof
Postfix for remote connections with MSS > 8 kbytes.
Absent a formal spec, model IPv6 RBL lookups after the IPv6
PTR lookups (one zone per hex nibble, nibbles in reversed
order). How to specify whether to query an RBL server for

4
postfix/html/DATABASE_README.html
View File

@ -365,8 +365,8 @@ example, the lookup table "static:foobar" always returns the string
described in <a href="tcp_table.5.html">tcp_table(5)</a>. The lookup table name is "<a href="tcp_table.5.html">tcp</a>:host:port"
where "host" specifies a symbolic hostname or a numeric IP address,
and "port" specifies a symbolic service name or a numeric port
number. This protocol is not available up to and including Postfix
version 2.4. </dd>
number. This protocol is not available in the stable Postfix release.
</dd>
<dt> <b>unix</b> (read-only) </dt>

2
postfix/html/TUNING_README.html
View File

@ -243,7 +243,7 @@ out-of-control clients. </p>
<dl>
<dt> <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (default: 50) </dt> <dd>
The maximum number of connections than an SMTP client may make
The maximum number of connections that an SMTP client may make
simultaneously. </dd>
<dt> <a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (default: no limit) </dt>

19
postfix/html/mysql_table.5.html
View File

@ -259,7 +259,15 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
The following parameters can be used to fill in a SELECT
<b>OBSOLETE QUERY INTERFACE</b>
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general <b>query</b>
interface described above. If the <b>query</b> parameter is
defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy inter-
face may be removed in a future release.
The following parameters can be used to fill in a SELECT
template statement of the form:
SELECT [<b>select_field</b>]
@ -267,18 +275,11 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
The specifier %s is replaced by the search string, and is
The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd char-
acters, it will not cause a parse error, or worse, a secu-
rity problem.
As of Postfix 2.2 this interface is obsolete, it is
replaced by the more general <b>query</b> interface described
above. If the <b>query</b> parameter is defined, the legacy
parameters are ignored. Please migrate to the new inter-
face as the legacy interface may be removed in a future
release.
<b>select_field</b>
The SQL "select" parameter. Example:
<b>select_field</b> = forw_addr

28
postfix/html/pgsql_table.5.html
View File

@ -61,7 +61,7 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<b>query</b> = SELECT <i>select</i><b>_</b><i>function</i>('%s')
or in the absence of <b>selection_function</b>, the lower prece-
or in the absence of <b>select_function</b>, the lower prece-
dence:
<b>query</b> = SELECT <i>select</i><b>_</b><i>field</i>
@ -264,23 +264,26 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
Pre-Postfix 2.2 legacy interfaces:
<b>OBSOLETE QUERY INTERFACES</b>
This section describes query interfaces that are depre-
cated as of Postfix 2.2. Please migrate to the new <b>query</b>
interface as the old interfaces are slated to be phased
out.
<b>select_function</b>
This parameter specifies a database function name.
This parameter specifies a database function name.
Example:
select_function = my_lookup_user_alias
This is equivalent to:
query = SELECT my_lookup_user_alias('%s')
This parameter overrides the legacy table-related
fields (described below). With Postfix versions
prior to 2.2, it also overrides the <b>query</b> parame-
This parameter overrides the legacy table-related
fields (described below). With Postfix versions
prior to 2.2, it also overrides the <b>query</b> parame-
ter. Starting with Postfix 2.2, the <b>query</b> parameter
has highest precedence, and this parameter is dep-
recated. Please migrate to the new <b>query</b> interface
as this interface is slated to be phased out.
has highest precedence, and the <b>select_function</b>
parameter is deprecated.
The following parameters (with lower precedence than the
<b>select_function</b> interface described above) can be used to
@ -299,9 +302,8 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
Starting with Postfix 2.2, this interface is obsoleted by
the more general <b>query</b> interface described above. If
higher precedence the <b>query</b> or <b>select_function</b> parameters
described above are defined, these parameters are ignored.
Please migrate to the new <b>query</b> interface as this inter-
face is slated to be phased out.
described above are defined, the parameters described here
are ignored.
<b>select_field</b>
The SQL "select" parameter. Example:
@ -329,7 +331,7 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<a href="PGSQL_README.html">PGSQL_README</a>, Postfix PostgreSQL client guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>

16
postfix/html/pipe.8.html
View File

@ -76,7 +76,7 @@ PIPE(8) PIPE(8)
escape sequences are recognized: <b>\a \b \f \n \r \t</b>
<b>\v \</b><i>ddd</i> (up to three octal digits) and <b>\\</b>.
<b>flags=BDFORhqu.</b>&gt; (optional)
<b>flags=BDFORXhqu.</b>&gt; (optional)
Optional message processing flags. By default, a
message is copied unchanged.
@ -116,6 +116,12 @@ PIPE(8) PIPE(8)
<b>R</b> Prepend a <b>Return-Path:</b> message header with
the envelope sender address.
<b>X</b> Indicate that the external command performs
final delivery. This flag affects the sta-
tus reported in "success" DSN (delivery sta-
tus notification) messages, and changes it
from "relayed" into "delivered".
<b>h</b> Fold the command-line <b>$recipient</b> address
domain part (text to the right of the right-
most <b>@</b> character) to lower case; fold the
@ -184,8 +190,8 @@ PIPE(8) PIPE(8)
This feature is available as of Postfix 2.3.
<b>size</b>=<i>size</i><b>_</b><i>limit</i> (optional)
Messages greater in size than this limit (in bytes)
will be returned to the sender as undeliverable.
Don't deliver messages that exceed this size limit
(in bytes); return them to the sender instead.
<b>user</b>=<i>username</i> (required)
@ -302,8 +308,8 @@ PIPE(8) PIPE(8)
<b>${sasl_sender</b>}
This macro expands to the SASL sender name
(i.e. the original submitter as per <a href="http://tools.ietf.org/html/rfc2554">RFC</a>
<a href="http://tools.ietf.org/html/rfc2554">2554</a>) used during the reception of the mes-
(i.e. the original submitter as per <a href="http://tools.ietf.org/html/rfc4954">RFC</a>
<a href="http://tools.ietf.org/html/rfc4954">4954</a>) used during the reception of the mes-
sage.
This is available in Postfix 2.2 and later.

8
postfix/html/postconf.5.html
View File

@ -1163,7 +1163,7 @@ is placed into the Postfix configuration directory. </p>
<p>
Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a>). Examples of such clients
version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0.
</p>
@ -4188,7 +4188,7 @@ a neighboring system. </dd>
<dt><b> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH)
client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH)
protocol. </dd>
<dt><b> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>
@ -9300,7 +9300,7 @@ network or network address listed in $<a href="postconf.5.html#mynetworks">myne
<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>
<dd> Permit the request when the client is successfully
authenticated via the <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH) protocol. </dd>
authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd>
<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>
@ -10557,7 +10557,7 @@ the SASL plug-in implementation that is selected with
configuration file or rendezvous point. </p>
<p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application. </p>
releases it was called <b>smtpd_sasl_application_name</b>. </p>
</DD>

472
postfix/html/smtpd.8.html
View File

File diff suppressed because it is too large Load Diff

4
postfix/makedefs
View File

@ -130,6 +130,8 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.6*) SYSTYPE=FREEBSD6
;;
FreeBSD.7*) SYSTYPE=FREEBSD7
;;
OpenBSD.2*) SYSTYPE=OPENBSD2
;;
OpenBSD.3*) SYSTYPE=OPENBSD3
@ -309,7 +311,7 @@ EOF
rm -f makedefs.test makedefs.test.o makedefs.test.c;;
esac
;;
GNU.0*|GNU/kFreeBSD.[56]*)
GNU.0*|GNU/kFreeBSD.[567]*)
SYSTYPE=GNU0
# Postfix no longer needs DB 1.85 compatibility
if [ -f /usr/include/db.h ]

19
postfix/man/man5/mysql_table.5
View File

@ -258,7 +258,18 @@ A setting of zero disables the limit. Lookups fail with a
temporary error if the limit is exceeded. Setting the
limit to 1 ensures that lookups do not return multiple
values.
.PP
.SH "OBSOLETE QUERY INTERFACE"
.na
.nf
.ad
.fi
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general \fBquery\fR
interface described above. If the \fBquery\fR parameter
is defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy interface
may be removed in a future release.
The following parameters can be used to fill in a
SELECT template statement of the form:
@ -272,12 +283,6 @@ SELECT template statement of the form:
The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd characters,
it will not cause a parse error, or worse, a security problem.
As of Postfix 2.2 this interface is obsolete, it is replaced
by the more general \fBquery\fR interface described above.
If the \fBquery\fR parameter is defined, the legacy parameters
are ignored. Please migrate to the new interface as the legacy
interface may be removed in a future release.
.IP "\fBselect_field\fR"
The SQL "select" parameter. Example:
.nf

21
postfix/man/man5/pgsql_table.5
View File

@ -65,7 +65,7 @@ migrate to the new interface set:
\fBquery\fR = SELECT \fIselect_function\fR('%s')
.fi
or in the absence of \fBselection_function\fR, the lower precedence:
or in the absence of \fBselect_function\fR, the lower precedence:
.nf
\fBquery\fR = SELECT \fIselect_field\fR
@ -261,8 +261,15 @@ A setting of zero disables the limit. Lookups fail with a
temporary error if the limit is exceeded. Setting the
limit to 1 ensures that lookups do not return multiple
values.
.PP
Pre-Postfix 2.2 legacy interfaces:
.SH "OBSOLETE QUERY INTERFACES"
.na
.nf
.ad
.fi
This section describes query interfaces that are deprecated
as of Postfix 2.2. Please migrate to the new \fBquery\fR
interface as the old interfaces are slated to be phased
out.
.IP "\fBselect_function\fR"
This parameter specifies a database function name. Example:
.nf
@ -277,9 +284,8 @@ This is equivalent to:
This parameter overrides the legacy table-related fields (described
below). With Postfix versions prior to 2.2, it also overrides the
\fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR
parameter has highest precedence, and this parameter is deprecated.
Please migrate to the new \fBquery\fR interface as this interface
is slated to be phased out.
parameter has highest precedence, and the \fBselect_function\fR
parameter is deprecated.
.PP
The following parameters (with lower precedence than the
\fBselect_function\fR interface described above) can be used to
@ -300,8 +306,7 @@ problem.
Starting with Postfix 2.2, this interface is obsoleted by the more
general \fBquery\fR interface described above. If higher precedence
the \fBquery\fR or \fBselect_function\fR parameters described above
are defined, these parameters are ignored. Please migrate to the new
\fBquery\fR interface as this interface is slated to be phased out.
are defined, the parameters described here are ignored.
.IP "\fBselect_field\fR"
The SQL "select" parameter. Example:
.nf

8
postfix/man/man5/postconf.5
View File

@ -641,7 +641,7 @@ is placed into the Postfix configuration directory.
This feature is available in Postfix 2.3 and later.
.SH broken_sasl_auth_clients (default: no)
Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554). Examples of such clients
version of the AUTH command (RFC 4954). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0.
.PP
@ -2225,7 +2225,7 @@ address rewriting when mail from a remote client is forwarded by
a neighboring system.
.IP "\fB permit_sasl_authenticated \fR"
Append the domain name in $myorigin or $mydomain when the
client is successfully authenticated via the RFC 2554 (AUTH)
client is successfully authenticated via the RFC 4954 (AUTH)
protocol.
.IP "\fB permit_tls_clientcerts \fR"
Append the domain name in $myorigin or $mydomain when the
@ -5488,7 +5488,7 @@ Permit the request when the client IP address matches any
network or network address listed in $mynetworks.
.IP "\fBpermit_sasl_authenticated\fR"
Permit the request when the client is successfully
authenticated via the RFC 2554 (AUTH) protocol.
authenticated via the RFC 4954 (AUTH) protocol.
.IP "\fBpermit_tls_all_clientcerts\fR"
Permit the request when the remote SMTP client certificate is
verified successfully. This option must be used only if a special
@ -6311,7 +6311,7 @@ the SASL plug-in implementation that is selected with
configuration file or rendezvous point.
.PP
This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application.
releases it was called \fBsmtpd_sasl_application_name\fR.
.SH smtpd_sasl_security_options (default: noanonymous)
Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available

13
postfix/man/man8/pipe.8
View File

@ -75,7 +75,7 @@ The output record delimiter. Typically one would use either
\fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape
sequences are recognized: \fB\ea \eb \ef \en \er \et \ev
\e\fIddd\fR (up to three octal digits) and \fB\e\e\fR.
.IP "\fBflags=BDFORhqu.>\fR (optional)"
.IP "\fBflags=BDFORXhqu.>\fR (optional)"
Optional message processing flags. By default, a message is
copied unchanged.
.RS
@ -110,6 +110,11 @@ This feature is available as of Postfix 2.0.
.IP \fBR\fR
Prepend a \fBReturn-Path:\fR message header with the envelope sender
address.
.IP \fBX\fR
Indicate that the external command performs final delivery.
This flag affects the status reported in "success" DSN
(delivery status notification) messages, and changes it
from "relayed" into "delivered".
.IP \fBh\fR
Fold the command-line \fB$recipient\fR address domain part
(text to the right of the right-most \fB@\fR character) to
@ -173,8 +178,8 @@ specify \fB$sender\fR as an argument by itself:
.IP
This feature is available as of Postfix 2.3.
.IP "\fBsize\fR=\fIsize_limit\fR (optional)"
Messages greater in size than this limit (in bytes) will
be returned to the sender as undeliverable.
Don't deliver messages that exceed this size limit (in
bytes); return them to the sender instead.
.IP "\fBuser\fR=\fIusername\fR (required)"
.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR"
Execute the external command with the rights of the
@ -259,7 +264,7 @@ if the message has been received without SASL authentication.
This is available in Postfix 2.2 and later.
.IP \fB${\fBsasl_sender\fR}\fR
This macro expands to the SASL sender name (i.e. the original
submitter as per RFC 2554) used during the reception of the message.
submitter as per RFC 4954) used during the reception of the message.
.sp
This is available in Postfix 2.2 and later.
.IP \fB${\fBsasl_username\fR}\fR

11
postfix/man/man8/smtpd.8
View File

@ -92,7 +92,7 @@ undesirable use.
.fi
.IP "\fBbroken_sasl_auth_clients (no)\fR"
Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554).
version of the AUTH command (RFC 4954).
.IP "\fBdisable_vrfy_command (no)\fR"
Disable the SMTP VRFY command.
.IP "\fBsmtpd_noop_commands (empty)\fR"
@ -264,13 +264,13 @@ What SMTP clients are allowed to use the XFORWARD feature.
.nf
.ad
.fi
Postfix SASL support (RFC 2554) can be used to authenticate remote
Postfix SASL support (RFC 4954) can be used to authenticate remote
SMTP clients to the Postfix SMTP server, and to authenticate the
Postfix SMTP client to a remote SMTP server.
See the SASL_README document for details.
.IP "\fBbroken_sasl_auth_clients (no)\fR"
Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554).
version of the AUTH command (RFC 4954).
.IP "\fBsmtpd_sasl_auth_enable (no)\fR"
Enable SASL authentication in the Postfix SMTP server.
.IP "\fBsmtpd_sasl_local_domain (empty)\fR"
@ -290,6 +290,11 @@ Available in Postfix version 2.1 and later:
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
.PP
Available in Postfix version 2.1 and 2.2:
.IP "\fBsmtpd_sasl_application_name (smtpd)\fR"
The application name that the Postfix SMTP server uses for SASL
server initialization.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received

4
postfix/proto/DATABASE_README.html
View File

@ -365,8 +365,8 @@ example, the lookup table "static:foobar" always returns the string
described in tcp_table(5). The lookup table name is "tcp:host:port"
where "host" specifies a symbolic hostname or a numeric IP address,
and "port" specifies a symbolic service name or a numeric port
number. This protocol is not available up to and including Postfix
version 2.4. </dd>
number. This protocol is not available in the stable Postfix release.
</dd>
<dt> <b>unix</b> (read-only) </dt>

2
postfix/proto/TUNING_README.html
View File

@ -243,7 +243,7 @@ out-of-control clients. </p>
<dl>
<dt> smtpd_client_connection_count_limit (default: 50) </dt> <dd>
The maximum number of connections than an SMTP client may make
The maximum number of connections that an SMTP client may make
simultaneously. </dd>
<dt> smtpd_client_connection_rate_limit (default: no limit) </dt>

17
postfix/proto/mysql_table
View File

@ -246,7 +246,16 @@
# temporary error if the limit is exceeded. Setting the
# limit to 1 ensures that lookups do not return multiple
# values.
# .PP
# OBSOLETE QUERY INTERFACE
# .ad
# .fi
# This section describes an interface that is deprecated as
# of Postfix 2.2. It is replaced by the more general \fBquery\fR
# interface described above. If the \fBquery\fR parameter
# is defined, the legacy parameters described here ignored.
# Please migrate to the new interface as the legacy interface
# may be removed in a future release.
#
# The following parameters can be used to fill in a
# SELECT template statement of the form:
#
@ -260,12 +269,6 @@
# The specifier %s is replaced by the search string, and is
# escaped so if it contains single quotes or other odd characters,
# it will not cause a parse error, or worse, a security problem.
#
# As of Postfix 2.2 this interface is obsolete, it is replaced
# by the more general \fBquery\fR interface described above.
# If the \fBquery\fR parameter is defined, the legacy parameters
# are ignored. Please migrate to the new interface as the legacy
# interface may be removed in a future release.
# .IP "\fBselect_field\fR"
# The SQL "select" parameter. Example:
# .nf

19
postfix/proto/pgsql_table
View File

@ -57,7 +57,7 @@
# \fBquery\fR = SELECT \fIselect_function\fR('%s')
# .fi
#
# or in the absence of \fBselection_function\fR, the lower precedence:
# or in the absence of \fBselect_function\fR, the lower precedence:
#
# .nf
# \fBquery\fR = SELECT \fIselect_field\fR
@ -249,8 +249,13 @@
# temporary error if the limit is exceeded. Setting the
# limit to 1 ensures that lookups do not return multiple
# values.
# .PP
# Pre-Postfix 2.2 legacy interfaces:
# OBSOLETE QUERY INTERFACES
# .ad
# .fi
# This section describes query interfaces that are deprecated
# as of Postfix 2.2. Please migrate to the new \fBquery\fR
# interface as the old interfaces are slated to be phased
# out.
# .IP "\fBselect_function\fR"
# This parameter specifies a database function name. Example:
# .nf
@ -265,9 +270,8 @@
# This parameter overrides the legacy table-related fields (described
# below). With Postfix versions prior to 2.2, it also overrides the
# \fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR
# parameter has highest precedence, and this parameter is deprecated.
# Please migrate to the new \fBquery\fR interface as this interface
# is slated to be phased out.
# parameter has highest precedence, and the \fBselect_function\fR
# parameter is deprecated.
# .PP
# The following parameters (with lower precedence than the
# \fBselect_function\fR interface described above) can be used to
@ -288,8 +292,7 @@
# Starting with Postfix 2.2, this interface is obsoleted by the more
# general \fBquery\fR interface described above. If higher precedence
# the \fBquery\fR or \fBselect_function\fR parameters described above
# are defined, these parameters are ignored. Please migrate to the new
# \fBquery\fR interface as this interface is slated to be phased out.
# are defined, the parameters described here are ignored.
# .IP "\fBselect_field\fR"
# The SQL "select" parameter. Example:
# .nf

10
postfix/proto/postconf.proto
View File

@ -4631,7 +4631,7 @@ network or network address listed in $mynetworks. </dd>
<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>
<dd> Permit the request when the client is successfully
authenticated via the RFC 2554 (AUTH) protocol. </dd>
authenticated via the RFC 4954 (AUTH) protocol. </dd>
<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>
@ -5418,7 +5418,7 @@ smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
%CLASS sasl-auth SASL Authentication
<p>
Postfix SASL support (RFC 2554) can be used to authenticate remote
Postfix SASL support (RFC 4954) can be used to authenticate remote
SMTP clients to the Postfix SMTP server, and to authenticate the
Postfix SMTP client to a remote SMTP server.
See the SASL_README document for details.
@ -6434,7 +6434,7 @@ This feature is available in Postfix 2.0 and later.
<p>
Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554). Examples of such clients
version of the AUTH command (RFC 4954). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0.
</p>
@ -8078,7 +8078,7 @@ a neighboring system. </dd>
<dt><b> permit_sasl_authenticated </b></dt>
<dd> Append the domain name in $myorigin or $mydomain when the
client is successfully authenticated via the RFC 2554 (AUTH)
client is successfully authenticated via the RFC 4954 (AUTH)
protocol. </dd>
<dt><b> permit_tls_clientcerts </b></dt>
@ -9397,7 +9397,7 @@ the SASL plug-in implementation that is selected with
configuration file or rendezvous point. </p>
<p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application. </p>
releases it was called <b>smtpd_sasl_application_name</b>. </p>
%PARAM cyrus_sasl_config_path

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20070731"
#define MAIL_RELEASE_DATE "20070824"
#define MAIL_VERSION_NUMBER "2.5"
#ifdef SNAPSHOT

40
postfix/src/pipe/pipe.c
View File

@ -65,7 +65,7 @@
/* \fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape
/* sequences are recognized: \fB\ea \eb \ef \en \er \et \ev
/* \e\fIddd\fR (up to three octal digits) and \fB\e\e\fR.
/* .IP "\fBflags=BDFORhqu.>\fR (optional)"
/* .IP "\fBflags=BDFORXhqu.>\fR (optional)"
/* Optional message processing flags. By default, a message is
/* copied unchanged.
/* .RS
@ -100,6 +100,11 @@
/* .IP \fBR\fR
/* Prepend a \fBReturn-Path:\fR message header with the envelope sender
/* address.
/* .IP \fBX\fR
/* Indicate that the external command performs final delivery.
/* This flag affects the status reported in "success" DSN
/* (delivery status notification) messages, and changes it
/* from "relayed" into "delivered".
/* .IP \fBh\fR
/* Fold the command-line \fB$recipient\fR address domain part
/* (text to the right of the right-most \fB@\fR character) to
@ -163,8 +168,8 @@
/* .IP
/* This feature is available as of Postfix 2.3.
/* .IP "\fBsize\fR=\fIsize_limit\fR (optional)"
/* Messages greater in size than this limit (in bytes) will
/* be returned to the sender as undeliverable.
/* Don't deliver messages that exceed this size limit (in
/* bytes); return them to the sender instead.
/* .IP "\fBuser\fR=\fIusername\fR (required)"
/* .IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR"
/* Execute the external command with the rights of the
@ -249,7 +254,7 @@
/* This is available in Postfix 2.2 and later.
/* .IP \fB${\fBsasl_sender\fR}\fR
/* This macro expands to the SASL sender name (i.e. the original
/* submitter as per RFC 2554) used during the reception of the message.
/* submitter as per RFC 4954) used during the reception of the message.
/* .sp
/* This is available in Postfix 2.2 and later.
/* .IP \fB${\fBsasl_username\fR}\fR
@ -490,7 +495,8 @@
#define PIPE_OPT_FOLD_BASE (16)
#define PIPE_OPT_FOLD_USER (FOLD_ADDR_USER << PIPE_OPT_FOLD_BASE)
#define PIPE_OPT_FOLD_HOST (FOLD_ADDR_HOST << PIPE_OPT_FOLD_BASE)
#define PIPE_OPT_QUOTE_LOCAL (PIPE_OPT_FOLD_BASE << 2)
#define PIPE_OPT_QUOTE_LOCAL (1 << (PIPE_OPT_FOLD_BASE + 2))
#define PIPE_OPT_FINAL_DELIVERY (1 << (PIPE_OPT_FOLD_BASE + 3))
#define PIPE_OPT_FOLD_ALL (FOLD_ADDR_ALL << PIPE_OPT_FOLD_BASE)
#define PIPE_OPT_FOLD_FLAGS(f) \
@ -811,6 +817,9 @@ static void get_service_attr(PIPE_ATTR *attr, char **argv)
case 'R':
attr->flags |= MAIL_COPY_RETURN_PATH;
break;
case 'X':
attr->flags |= PIPE_OPT_FINAL_DELIVERY;
break;
case '.':
attr->flags |= MAIL_COPY_DOT;
break;
@ -939,7 +948,7 @@ static void get_service_attr(PIPE_ATTR *attr, char **argv)
/* eval_command_status - do something with command completion status */
static int eval_command_status(int command_status, char *service,
DELIVER_REQUEST *request, VSTREAM *src,
DELIVER_REQUEST *request, PIPE_ATTR *attr,
DSN_BUF *why)
{
RECIPIENT *rcpt;
@ -953,7 +962,8 @@ static int eval_command_status(int command_status, char *service,
*/
switch (command_status) {
case PIPE_STAT_OK:
dsb_update(why, "2.0.0", "relayed", DSB_SKIP_RMTA, DSB_SKIP_REPLY,
dsb_update(why, "2.0.0", (attr->flags & PIPE_OPT_FINAL_DELIVERY) ?
"delivered" : "relayed", DSB_SKIP_RMTA, DSB_SKIP_REPLY,
"delivered via %s service", service);
(void) DSN_FROM_DSN_BUF(why);
for (n = 0; n < request->rcpt_list.len; n++) {
@ -962,7 +972,7 @@ static int eval_command_status(int command_status, char *service,
request->queue_id, &request->msg_stats, rcpt,
service, &why->dsn);
if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS))
deliver_completed(src, rcpt->offset);
deliver_completed(request->fp, rcpt->offset);
result |= status;
}
break;
@ -977,7 +987,7 @@ static int eval_command_status(int command_status, char *service,
&request->msg_stats, rcpt,
service, &why->dsn);
if (status == 0)
deliver_completed(src, rcpt->offset);
deliver_completed(request->fp, rcpt->offset);
result |= status;
}
} else {
@ -1047,7 +1057,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
if ((attr.flags & MAIL_COPY_DELIVERED) && (rcpt_list->len > 1)) {
dsb_simple(why, "4.3.5", "mail system configuration error");
deliver_status = eval_command_status(PIPE_STAT_DEFER, service,
request, request->fp, why);
request, &attr, why);
msg_warn("pipe flag `D' requires %s_destination_recipient_limit = 1",
service);
DELIVER_MSG_CLEANUP();
@ -1060,7 +1070,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
if ((attr.flags & MAIL_COPY_ORIG_RCPT) && (rcpt_list->len > 1)) {
dsb_simple(why, "4.3.5", "mail system configuration error");
deliver_status = eval_command_status(PIPE_STAT_DEFER, service,
request, request->fp, why);
request, &attr, why);
msg_warn("pipe flag `O' requires %s_destination_recipient_limit = 1",
service);
DELIVER_MSG_CLEANUP();
@ -1076,7 +1086,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
myname, (long) attr.size_limit, request->data_size);
dsb_simple(why, "5.2.3", "message too large");
deliver_status = eval_command_status(PIPE_STAT_BOUNCE, service,
request, request->fp, why);
request, &attr, why);
DELIVER_MSG_CLEANUP();
return (deliver_status);
}
@ -1126,7 +1136,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
dsb_simple(why, "5.4.6", "mail forwarding loop for %s",
rcpt->address);
deliver_status = eval_command_status(PIPE_STAT_BOUNCE, service,
request, request->fp, why);
request, &attr, why);
DELIVER_MSG_CLEANUP();
return (deliver_status);
}
@ -1179,7 +1189,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
rcpt_list, attr.flags)) == 0) {
dsb_simple(why, "4.3.5", "mail system configuration error");
deliver_status = eval_command_status(PIPE_STAT_DEFER, service,
request, request->fp, why);
request, &attr, why);
DELIVER_MSG_CLEANUP();
return (deliver_status);
}
@ -1202,7 +1212,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
argv_free(export_env);
deliver_status = eval_command_status(command_status, service, request,
request->fp, why);
&attr, why);
/*
* Clean up.

62
postfix/src/smtpd/smtpd.c
View File

@ -76,7 +76,7 @@
/* .fi
/* .IP "\fBbroken_sasl_auth_clients (no)\fR"
/* Enable inter-operability with SMTP clients that implement an obsolete
/* version of the AUTH command (RFC 2554).
/* version of the AUTH command (RFC 4954).
/* .IP "\fBdisable_vrfy_command (no)\fR"
/* Disable the SMTP VRFY command.
/* .IP "\fBsmtpd_noop_commands (empty)\fR"
@ -234,13 +234,13 @@
/* SASL AUTHENTICATION CONTROLS
/* .ad
/* .fi
/* Postfix SASL support (RFC 2554) can be used to authenticate remote
/* Postfix SASL support (RFC 4954) can be used to authenticate remote
/* SMTP clients to the Postfix SMTP server, and to authenticate the
/* Postfix SMTP client to a remote SMTP server.
/* See the SASL_README document for details.
/* .IP "\fBbroken_sasl_auth_clients (no)\fR"
/* Enable inter-operability with SMTP clients that implement an obsolete
/* version of the AUTH command (RFC 2554).
/* version of the AUTH command (RFC 4954).
/* .IP "\fBsmtpd_sasl_auth_enable (no)\fR"
/* Enable SASL authentication in the Postfix SMTP server.
/* .IP "\fBsmtpd_sasl_local_domain (empty)\fR"
@ -260,6 +260,11 @@
/* What remote SMTP clients the Postfix SMTP server will not offer
/* AUTH support to.
/* .PP
/* Available in Postfix version 2.1 and 2.2:
/* .IP "\fBsmtpd_sasl_application_name (smtpd)\fR"
/* The application name that the Postfix SMTP server uses for SASL
/* server initialization.
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
/* Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
@ -1344,14 +1349,21 @@ static int helo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
* persists so it will apply to MAIL FROM and to other commands such as
* AUTH, STARTTLS, and VRFY.
*/
#define PUSH_STRING(old, curr, new) { char *old = (curr); (curr) = (new);
#define POP_STRING(old, curr) (curr) = old; }
if (smtpd_milters != 0
&& SMTPD_STAND_ALONE(state) == 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0
&& (err = milter_helo_event(smtpd_milters, argv[1].strval, 0)) != 0
&& (err = check_milter_reply(state, err)) != 0
&& strncmp(err, "421", 3) == 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
&& (err = milter_helo_event(smtpd_milters, argv[1].strval, 0)) != 0) {
/* Log reject etc. with correct HELO information. */
PUSH_STRING(saved_helo, state->helo_name, argv[1].strval);
err = check_milter_reply(state, err);
POP_STRING(saved_helo, state->helo_name);
if (err != 0 && strncmp(err, "421", 3) == 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
}
}
if (state->helo_name != 0)
helo_reset(state);
@ -1411,11 +1423,15 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
if (smtpd_milters != 0
&& SMTPD_STAND_ALONE(state) == 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0
&& (err = milter_helo_event(smtpd_milters, argv[1].strval, 1)) != 0
&& (err = check_milter_reply(state, err)) != 0
&& strncmp(err, "421", 3) == 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
&& (err = milter_helo_event(smtpd_milters, argv[1].strval, 1)) != 0) {
/* Log reject etc. with correct HELO information. */
PUSH_STRING(saved_helo, state->helo_name, argv[1].strval);
err = check_milter_reply(state, err);
POP_STRING(saved_helo, state->helo_name);
if (err != 0 && strncmp(err, "421", 3) == 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
}
}
if (state->helo_name != 0)
helo_reset(state);
@ -2057,11 +2073,15 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
if (smtpd_milters != 0
&& SMTPD_STAND_ALONE(state) == 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0) {
state->sender = STR(state->addr_buf);
err = milter_mail_event(smtpd_milters,
milter_argv(state, argc - 2, argv + 2));
state->sender = 0;
if (err != 0 && (err = check_milter_reply(state, err)) != 0) {
if (err != 0) {
/* Log reject etc. with correct sender information. */
PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf));
err = check_milter_reply(state, err);
POP_STRING(saved_sender, state->sender);
}
if (err != 0) {
/* XXX Reset access map side effects. */
mail_reset(state);
smtpd_chat_reply(state, "%s", err);
@ -2307,11 +2327,15 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
}
if (smtpd_milters != 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0) {
state->recipient = STR(state->addr_buf);
err = milter_rcpt_event(smtpd_milters,
milter_argv(state, argc - 2, argv + 2));
state->recipient = 0;
if (err != 0 && (err = check_milter_reply(state, err)) != 0) {
if (err != 0) {
/* Log reject etc. with correct recipient information. */
PUSH_STRING(saved_rcpt, state->recipient, STR(state->addr_buf));
err = check_milter_reply(state, err);
POP_STRING(saved_rcpt, state->recipient);
}
if (err != 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
}

2
postfix/src/tlsmgr/tlsmgr.c
View File

@ -810,6 +810,8 @@ static void tlsmgr_pre_init(char *unused_name, char **unused_argv)
* Open the session cache files and discard old information while
* privileged. Start the cache maintenance pseudo threads after dropping
* privileges.
*
* XXX Need sanity check that the databases have different names.
*/
for (ent = cache_table; ent->cache_label; ++ent)
if (**ent->cache_db)

2
postfix/src/util/sys_defs.h
View File

@ -24,7 +24,7 @@
* 4.4BSD and close derivatives.
*/
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
|| defined(FREEBSD5) || defined(FREEBSD6) \
|| defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|| defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
|| defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \

3
postfix/src/util/vstream.c
View File

@ -846,7 +846,8 @@ static int vstream_buf_space(VBUF *bp, ssize_t want)
if (vstream_fflush_some(stream, VSTREAM_TRUNCATE(used, stream->req_bufsize)))
return (VSTREAM_EOF);
if ((shortage = (want - bp->cnt)) > 0) {
if (shortage > __MAXINT__(ssize_t) -bp->len - stream->req_bufsize) {
if ((bp->flags & VSTREAM_FLAG_FIXED)
|| shortage > __MAXINT__(ssize_t) -bp->len - stream->req_bufsize) {
bp->flags |= VSTREAM_FLAG_ERR;
} else {
incr = VSTREAM_ROUNDUP(shortage, stream->req_bufsize);

2
postfix/src/util/vstream_tweak.c
View File

@ -128,7 +128,7 @@ int vstream_tweak_tcp(VSTREAM *fp)
*/
#else
if (mss > VSTREAM_BUFSIZE) {
int nodelay = 0;
int nodelay = 1;
if ((err = setsockopt(vstream_fileno(fp), IPPROTO_TCP, TCP_NODELAY,
(char *) &nodelay, sizeof(nodelay))) < 0)